I have a TZ200 on 5.9.1.13-5o serving as my "HQ" firewall. 5 remote sites with TZ100 or TZ105 connected via site to site. All traffic passes between all sites without issue. I added an Azure Tunnel connection. Traffic passes from HQ TZ200 to Azure and vice versa, but I can not get it to allow traffic between the remote sites and the Azure subnet. Is this even possible? My Azure side is definitely allowing the remote subnets from what I can see in my configuration and packet monitor when I ping from an Azure host. I verified I added the Azure subnet to my remote network policy on the remotes as well. I see the VPN tunnel for each subnet come up green. I even added a route on the TZ200 side out of desperation but no dice. Packet monitor shows captured icmp packets with both the status of consumed and forwarded. I assumed they would all be consumed.